<?php
  include_once('config/config.php');
  $action = isset($_GET['action']) ? $_GET['action'] : '';

// 向sql插入数据
//   $username = '123';
//   $salt = 'qwe'; //插入数据时，$salt需要在$password面前面否则传进去加密后的密码有误;
//   $password = md5('123'.$salt);
//   $avatar = 'sh3o3kl';
//   $sql = "INSERT INTO `pre_admin`(`username`,`password`,`avatar`,`salt`)VALUES('$username','$password','$avatar','$salt')";
//   $res = mysqli_query($conn,$sql);
//   if($res){
//       echo mysqli_insert_id($conn);
//   }
//   else{
//       echo 'SQL语句执行失败：'.$sql.'<br>';
//       echo "错误信息：".mysqli_error($conn);
//       exit;
//   }

// 查询加密后的密码
// $pwd = '123';
// $sa = 'qwe';
// $pwd = md5($pwd.$sa);
// echo $pwd;
// exit;


if($action == "logout")
{
    //说明要退出,退出就是要销毁session会话
    session_destroy();
    ShowMsg('退出成功', 'login.php');
    exit;
}  


  if (!empty($_POST)){
        // 获取用户名
        $username = isset($_POST['username']) ? trim($_POST['username']) : '';
        // 获取密码
        $password = isset($_POST['password']) ? trim($_POST['password']) : '';
        //获取验证码
        $imagecode = isset($_POST['imagecode']) ? trim($_POST['imagecode']) : '';

        
        //校验验证码
        if(strtolower($imagecode) !== $_SESSION['imagecode']){
            ShowMsg('验证码错误');
            exit;
        }


        // header() 函数向客户端发送原始的 HTTP 报头,跳转。
        $sql = "SELECT * FROM `pre_admin` WHERE `username` = '$username'";
        //  查询用户名是否存在
        $data = find ($sql);
        // 获取密码盐
        $salt = $data['salt'];
        // 拿到加密后的密码
        $password = md5($password.$salt);
        // $username = '张三';
        //   echo $password;
        //   exit;

        // 使用$_SESSION储存数据
        $_SESSION['username']  =  $username;
        $_SESSION['id'] = $data['id'];

        
        $abc = '';
        // 判断密码是否正确
        if ($data['password'] == $password){

            //跳转到首页
            header("Location:index.php");
        }
        else{
            // 用户名密码信息错误提示
            // 法一：
            $abc =  "<script>
                        alert('账号或密码错误');
                    </script>";
            // 法二：
            // ShowMsg('用户密码错误');
        }
        // echo $abc;

  }

?>
<!DOCTYPE html>
<html lang="en">
    <head>
    <?php include_once('common/meta.php'); ?>
  </head>
  <body> 
    <div class="navbar">
        <div class="navbar-inner">
            <a class="brand" href="index.html"><span class="second">Admin</span></a>
        </div>
    </div>
    <div class="row-fluid">
        <div class="dialog">
            <div class="block">
                <p class="block-heading">登录</p>
                <div class="block-body">
                    <form method="post">
                        <label>Username</label>
                        <input type="text" name="username" placeholder="请输入用户名" required class="span12" />
                        <label>Password</label>
                        <input type="password" name="password" placeholder="请输入密码" class="span12" required />
                        <label for="">验证码</label>
                        <input type="text" name="imagecode" placeholder="请输入验证码" class="span12" required>
                        <img src="./config/imgcode.php" onclick="this.src = './config/imgcode.php' ">
                        <button type="submit" class="btn btn-primary pull-right">登录</button>
                        <div class="clearfix"></div>
                    </form>
                </div>
            </div>
        </div>
    </div>
  </body>
</html>
<?php include_once('common/script.php'); ?>


